
Security Intermediate

What is Rate Limiting?

A technique that controls the number of requests a client can make to a server within a specified time period.

Rate limiting protects APIs and services from abuse, DDoS attacks, and excessive usage. Common approaches include fixed window (X requests per minute), sliding window (smoother distribution), and token bucket (burst-friendly) algorithms.

Implementation can be per-user, per-IP, or per-API-key. HTTP response headers (X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After) communicate limits to clients. Redis is commonly used to track request counts.

Related Terms

Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Hashing
A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.
Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.